REMARKS 

The non-final Office Action dated March 23, 2004 ("Office Action") rejected all the 
pending claims of the instant application. Independent Claim 16 and dependent Claim 17 stand 
rejected under 35 U.S.C. § 102(b) as being anticipated by Spies et al, U.S. Patent No. 5,689,565. 
In addition, independent Claim 1 and dependent Claims 2-7 and 12-15 stand rejected under 
35 U.S.C. § 103(a) as being unpatentable over Shrader et al., U.S. Patent No. 6,374,359, in view 
of Quimby, U.S. Patent No. 5,367,573, and further in view of Hardy et al., U.S. Patent 
No. 5,623,546. Additionally, Claims 8-11 stand rejected under 35 U.S.C. § 103(a) as being 
unpatentable over Shrader et al., as modified by Quimby and Hardy et al., and further in view of 
Becker et al., U.S. Patent No. 6,557,038. This Amendment sets forth arguments as to why 
applicant believes that the Office's position with respect to the pending claims is incorrect and 
should be withdrawn. 

In addition to the claim rejections, the specification stands objected to. In response to the 
specification objection, various small corrections have been made to the disclosure of the instant 
application. In addition, the Applicant has also revised the Abstract of the Disclosure in order to 
conform it to the requirements of the Office. 

In order to assist the Office in further understanding the exemplary embodiments of the 
present invention, the Applicant provides below a summary of the invention, which relates to the 
various exemplary embodiments of the present invention. It is to be understood that the 
following summary of the various exemplary embodiments is not provided to define the scope or 
interpretation of any of the claims of this application. Instead, the summary is provided to help 
the Office better appreciate claim distinctions discussed hereinafter. 



LAW OFFICES OF 
CHRISTENSEN O'CONNOR JOHNSON KINDNESS"^ 
1420 Fifth Avenue 
Suite 2800 
Seattle, Washington 98101 
-3- 206.682.8100 

MSFTM 5430AMDOC 



Summary of the Invention 

Generally, an exemplary embodiment of the present invention relates to a method and 
apparatus for encoding and storing storage data that minimizes the amount of data transferred 
between a client computer and a server computer, while at the same time maximizing the amount 
of configuration information transferred. An exemplary embodiment of the present invention 
makes use of encoding and storing session data in an encoded and encrypted session cookie in 
order to maximize the amount of configuration information transferred. In particular, an 
exemplary embodiment of the present invention provides a server computer that encodes session 
data into a session cookie in a tag-length- value format. 

The tag-length-value format encodes data by providing a tag identifying the semantic 
information that a value represents, the length of the value, and then the value itself. Once the 
data has been encoded in the tag-length-value format, the server computer encrypts the encoded 
session data using the modified encryption key. The modified encryption key may be formatted 
by inserting a secret, such as the user's password or e-mail address, into a standard encryption 
key at a predefined location. The session cookie is then formed by concatenating the length of a 
length of the secret, the length of the secret, the secret itself, and the encoded and encrypted 
session data. The session cookie is then transmitted from the server computer to a client 
computer, where it is stored. 

Specification Objection 

Applicant has amended the disclosure along with the Abstract of the Disclosure in 
response to the Office's specification objection. In view of these minor corrections by the 
Applicant, it is respectfully submitted that the specification objection has been obviated. 
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Accordingly, the Office is respectfully requested to reconsider and withdraw the specification 
objection. 

Claim Rejection Under 35 U.S.C. § 102(b) 

Claims 16 and 17 stand rejected under 35 U.S.C. § 102(b) as being anticipated by Spies 
et al. For the reasons discussed below, Applicant respectfully submits that the relied upon patent 
document fails to teach or suggest the recitation of independent Claim 16. Moreover, applicant 
respectfully submits that the relied upon document is similarly deficient with respect to the 
rejected dependent claim. Additionally, applicant respectfully submits that the dependent claim 
is allowable at least due to its dependence upon an allowable independent claim. 
Rejection of Independent Claim 16 

Independent Claim 16 sets forth a combination of limitations including "a first data field 
containing data representing a data length identifier and a tag type ." (Emphasis added.) For the 
following reasons, the patent relied upon by the Office, whether taken alone or in combination, 
fails to teach or suggest at least this indicated limitation of independent Claim 16. 

Spies et al. teach a cryptography system and method for providing cryptographic services 
for a computer application. According to Spies et al., and as illustrated in Figure 9 of the patent, 
a communication data structure may include a data structure 140 used to carry a package that is 
exchanged between participants, or between a participant and a trusted authority. (See Col. 15, 
lines 62-65.) The tag-length- value (TLV) data structure 140 consists of three parts: an identifier 
field 142 (which is also known as the "tag"), a length field 144, and a value field 146). 
(Emphasis added.) (See Col. 1 6, lines 4-6.) 

According to the patent, the identifier field or tag 142 is a fixed-sized field that defines or 
identifies the commensurate data contained in the package. The length field 144 is a variable- 
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sized field that contains the length of the commensurate data contained in the package. Finally, 
the length field is preferably an exact byte count of the data contained in the value field 146. As 
is disclosed by the patent, the three specific fields 142, 144 and 146 are those that are included in 
the data structure 140. Moreover, the patent document indicates that only these fields 142, 144, 
and 146 make up the data structure 140. In particular, Spies etal. indicates that the " data 
structure 140 consists " of the three indicated fields. (See Col. 16, line 4.) 

As is understood by the discussed portion of the Spies et al. patent, the data structure 140 
does not include a field that contains data representing "a data length identifier and a tag type." 
The identifier field 142 of the data structure 140 relates to the commensurate data contained in 
the package. This commensurate data does not relate to data that is designed to identify "a tag 
type." Moreover, the various fields 142, 144, and 146 of the data structure 140 are not 
individually capable of containing data that identifies two distinct data types. However, 
distinctive to the Spies et al. patent, the first data field set forth in independent Claim 16 includes 
"data representing the data length identifier and a tag type." 

With regard to rejection of dependent Claim 17, applicant respectfully submits that this 
claim is allowable at least due to its dependence upon an allowable independent claim. 
Moreover, applicant respectfully submits that this claim sets forth recitation that further defines 
the present invention over the patent document relied upon by the Examiner. 

In view of the above comments, Applicant respectfully requests reconsideration and 
withdrawal of the claim rejection under 35 U.S.C. § 102(b). 

Claim Rejections Under 35 U.S.C. § 103(a) 

Claims 1-7 and 12-15 stand rejected under 35 U.S.C. § 103(a) as being unpatentable over 
Shrader et al., U.S. Patent No. 6,374,359, in view of Quimby, U.S. Patent No. 5,367,573, and 
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further in view of Hardy etal., U.S. Patent No. 5,623,546. Additionally, Claims 8-11 stand 
rejected under 35 U.S.C. § 103(a) as being unpatentable over Shrader etal. as modified by 
Quimby and Hardy et al., and further in view of Becker et al., U.S. Patent No. 6,557,038. For 
the following reasons, applicant respectfully submits that these documents, whether standing 
alone or in combination, fail to teach or suggest the recitation of independent Claim 1. 
Moreover, applicant respectfully submits that these documents are similarly deficient with 
respect to the dependent claims of the instant application. In addition, applicant respectfully 
submits that the dependent claims are allowable at least due to the dependence upon an allowable 
independent claim. 

Independent Claim 1 sets forth a combination of limitations including "concatenating a 
secret, a length of the secret, and a length of the secret with said encrypted coded configuration 
data to form a session cookie." For the following reasons, the documents relied upon by the 
office, whether taken alone or in combination, fail to teach or suggest at least this indicated 
limitation of independent Claim 1 . 

Shrader et al. teaches the dynamic use and validation of HTTP cookies for authentication. 
According to Shrader et al., a cookie value routine 42 is initiated when a server-driven graphical 
user interface verifies a username and a password sent to thereto from a login panel of a user's 
web browser. The cookie value routine 42 constructs a cookie value that includes a username, 
password, and IP address. (See Col. 7, lines 16-21.) 

As is stated in the Office Action, it is readily appreciated that the disclosure of Shrader 
et al. fails to teach or suggest at least "concatenating a secret, a length of the secret, and a length 
of the length of the secret with said encrypted coded configuration data to form a session 
cookie." (Emphasis added.) Instead of relying upon the reference to make up for the indicated 
deficiency, the Office Action merely states that "[t]he act of supplying the length of the length of 
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a field only adds more validation, therefore the extra validation fields are obvious." The 
Applicant respectfully disputes that this is insufficient reasoning to substantiate a rejection under 
35U.S.C. § 103(a). 

The Office is respectfully reminded that in order to set forth a proper rejection under 
35 U.S.C. § 103(a), each and every element taught by the claim being rejected must be taught by 
the reference, or the combination of references, being relied upon. If a combination of references 
is used, then the Office must supply reasonable motivation for combining the references. This 
motivation must come from the references themselves, or may also be provided based on the 
expertise of those having ordinary skill in the art. Applicant respectfully submits that the above- 
indicated conclusionary statement by the Office does not satisfy the rigorous standards required 
for substantiating a rejection under 35 U.S.C. § 103(a). 

Because the additional patent documents have not been relied upon in the Office Action 
to make up for the indicated deficiencies of Shrader et al., the specifics of these documents have 
not been discussed herein. However, from even a cursory review of the additional patent 
documents relied upon, it is clear that the disclosures therein do not make up for the deficiencies 
discussed in relation to Shrader et al. 

Therefore, because Shrader et al. fail to teach or suggest at least "concatenating a secret, a 
length of the secret, and a length of the length of the secret with said encrypted coded 
configuration data to form a session cookie," and the supplemental documents relied upon do not 
make up for this deficiency of Shrader et al., a proper rejection under 35 U.S.C. § 103(a) has not 
been presented by the Office. Moreover, even assuming arguendo that all the elements are 
taught by the combination of references relied upon by the Office, the rejection under 35 U.S.C. 
§ 103(a) is deficient, as the stringent requirements for establishing obviousness under the Statute 
have not been met. 
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In accordance with the above, applicant respectfully requests reconsideration and 
withdrawal of the rejection of independent Claim 1, and those claims that are dependent thereon. 

In view of the above comments, reconsideration and withdrawal of each of the claim 
rejections is respectfully requested. 

CONCLUSION 

In view of the foregoing amendments and remarks, Applicant respectfully submits that 
the present application is now in condition for allowance. Reconsideration and reexamination of 
this application, as amended, allowance of the rejected claims, and passage of the application to 
issue at an early date are respectfully solicited. If the Examiner has any questions or comments 
concerning this application, the Examiner is invited to contact the undersigned at the number 
below. 

Respectfully submitted, 

CHRISTENSEN O'CONNOR 
JOHNSON KINDNESS PLLC 




Timothy R>Wyckoff 
Registration No. 46,175 
Direct Dial No. 206.695.1641 

I hereby certify that this correspondence is being deposited with the U.S. Postal Service in a sealed 
envelope as first class mail with postage thereon fully prepaid and addressed to Mail Stop Amendment, 
Commissioner for Patents, P.O. Box 1450, Alexandria, VA 22313-1450, on the below date. 

Date: ^^^^ ^ ^/U^ 
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Abstract of the Disclosure 
Session data is encoded in a tag-length-value format and encrypted using a modified 
encryption key. A session cookie is then formed by concatenating the length of the length of the 
secret, the length of the secret, the secret itself, and the encoded and encrypted configuration 
data. The session cookie is transmitted from a server computer to a client computer, where it is 
stored. Each time the client computer begin s a new communications session with the s erver 
computer that generated the s ession cookie, the s ession cookie i s tran s mitted from the client 
computer to the server computer. — The s erver computer receives the s es s ion cookie from the 
client computer and extract s the s ecret s tored in the se ss ion cookie. The server computer then 
creates the modified encryption key by inserting the s ecret into the s tandard encryption key at the 
predefined location. The server computer then utilizes the modified encryption key to decrypt 
the encoded session data stored in the session cookie. Once the encoded se s sion data has been 
decrypted, the server computer decodes the tag s contained in the encoded s e s sion data. For each 
tag, the server computer determines whether the tag i s recognized as a valid tag. If the tag i s a 
valid tag, the server computer utilizes the value associated with the tag to configure itself If the 
tag is not a valid tag, the server computer ignores the tag and attempts to decode the next tag. 
The server computer continues decoding tags until no tags remain to be decoded. A new session 
cookie may be created and transmitted to the client computer. Periodically, the server computer 
may reque s t the new ses s ion cookie from the client computer to determine if the communications 
session between the client computer and the s erver computer i s s till active. If no response or an 
invalid session cookie i s received, the communications s es s ion between the client and s erver 
computer s is termin atedr 
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